CVE-2024-50684

MEDIUM

SunGrow iSolarCloud <V2.1.6.20241017 - Info Disclosure

Title source: llm

Description

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.

References (1)

[Vendor Advisory] https://en.sungrowpower.com/security-notice-detail-2/6126

Scores

CVSS v3 6.5

EPSS 0.0021

EPSS Percentile 43.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-330

Status published

Products (1)

sungrowpower/isolarcloud < 2.1.6.20241104

Published Feb 26, 2025

Tracked Since Feb 18, 2026